<?php
include("../mysql_connect.php");
include("../error/upload.php");

$xml = simplexml_load_file('php://input');

//$xml = simplexml_load_file('updateMyBoard.xml');

//XML Parse AccountInfo
foreach( $xml->attributes( ) as $attr)
	$AttrArray[] = $attr;
$UserName = $AttrArray[0];
$Level = $AttrArray[1];
$Name = $AttrArray[2];
$Action = $AttrArray[3];

//XML Parse Board
foreach( $xml->children() as $Board) {
	foreach( $Board->attributes( ) as $attr)
		$Array_Board[] = (string)$attr; 
}
$Board_id = $Array_Board[0];
$Board_Name = $Array_Board[1];

$strSqlCommand = "SELECT idUSER, Name, Level, Organization, Default_Channel
							FROM user
							WHERE Email = '".$UserName."'";
							
$result = mysql_query($strSqlCommand);
$rowUserInfo = @mysql_fetch_array($result);

$idUSER = $rowUserInfo['idUSER'];

if ($Action=='Modify')
	$strSqlCommand = "UPDATE storyboard SET Name='".XMLCharEncode($Board_Name)."' WHERE idSTORYBOARD='".$Board_id."'";
else if ($Action=='Create')
	$strSqlCommand = "INSERT INTO storyboard (Name, USER_idUSER) VALUES ('".XMLCharEncode($Board_Name)."', ".$idUSER.")";
else if ($Action=='Delete')
	$strSqlCommand = "DELETE FROM spot_user_sb_m WHERE STORYBOARD_idSTORYBOARD='".$Board_id."'";

if (!mysql_query($strSqlCommand)) {
	 echo '<Error Message="The requested Information was not found" Domain="ModifyMyBook" />';
	 error_log( "[".date("Y-m-d H:i:s")."] : Image not insert.(Social)\nMySQL : '".mysql_error()."'\n", 3,"ModifyMyBoard-errors.log");
	 saveError("UpdateMyBoard", $UserName, date("Y-m-d H:i:s"), mysql_error());
	 return;
}

if (mysql_insert_id()!=0) {
	$Board_id = mysql_insert_id();
}
else if ($Action=='Delete') {
	
	$strSqlCommand = "DELETE FROM spot_group_media_sb WHERE STORYBOARD_idSTORYBOARD='".$Board_id."'";
	
	if (!mysql_query($strSqlCommand)) {
	 echo '<Error Message="The requested Information was not found" Domain="ModifyMyBook" />';
	 error_log( "[".date("Y-m-d H:i:s")."] : Image not insert.(Social)\nMySQL : '".mysql_error()."'\n", 3,"ModifyMyBoard-errors.log");
	 saveError("UpdateMyBoard", $UserName, date("Y-m-d H:i:s"), mysql_error());
	 return;
	 }
	
	$strSqlCommand = "DELETE FROM storyboard WHERE idSTORYBOARD='".$Board_id."'";
	
	if (!mysql_query($strSqlCommand)) {
	 echo '<Error Message="The requested Information was not found" Domain="ModifyMyBook" />';
	 error_log( "[".date("Y-m-d H:i:s")."] : Image not insert.(Social)\nMySQL : '".mysql_error()."'\n", 3,"ModifyMyBoard-errors.log");
	 saveError("UpdateMyBoard", $UserName, date("Y-m-d H:i:s"), mysql_error());
	 return;
	 }
	
	$Board_id=0;
}

echo '<Success Message="The requested Information was accepted" BoardID="'.$Board_id.'" Domain="ModifyMyBook" Action="'.$Action.'" />';


function XMLCharEncode( $Subject )
{
	$Serach  = array( "<", ">", "&", "'","\"" );
	$Replace = array( "&lt;","&gt;","&amp;","&apos;","&quot;");
	return str_replace($Serach, $Replace, $Subject);
}
?>
